Author: coheigea
Date: Mon Jan 20 11:35:13 2014
New Revision: 1559669
URL: http://svn.apache.org/r1559669
Log:
Also parse the Subject KeyInfo for the non-HolderOfKey case
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
Mon Jan 20 11:35:13 2014
@@ -48,6 +48,9 @@ import org.w3c.dom.Element;
*/
public final class SAMLUtil {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(SAMLUtil.class);
+
private static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
private SAMLUtil() {
@@ -84,20 +87,19 @@ public final class SAMLUtil {
* Try to get the secret key from a CallbackHandler implementation
* @param cb a CallbackHandler implementation
* @return An array of bytes corresponding to the secret key (can be null)
- * @throws WSSecurityException
*/
public static byte[] getSecretKeyFromCallbackHandler(
String id,
CallbackHandler cb
- ) throws WSSecurityException {
+ ) {
if (cb != null) {
WSPasswordCallback pwcb =
new WSPasswordCallback(id, WSPasswordCallback.SECRET_KEY);
try {
cb.handle(new Callback[]{pwcb});
} catch (Exception e1) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey",
- new Object[] { id }, e1);
+ LOG.debug("Error in retrieving secret key from
CallbackHandler: " + e1.getMessage());
+ return null;
}
return pwcb.getKey();
}
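Review bot: The new catch block logs only `e1.getMessage()` at debug level and drops the exception itself, so a failing or misconfigured CallbackHandler becomes indistinguishable from a handler that simply has no key for the id. Pass the throwable to the logger so the cause and stack trace survive: `LOG.debug("Error in retrieving secret key from CallbackHandler", e1);`. Since the method no longer throws, every caller now has to treat a null return as "no key" and fail closed rather than skip the key check; the Javadoc already says the result can be null, but it should add that a handler failure is also reported as null. getSecretKeyFromCallbackHandler continues past the end of the hunk.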
@@ -142,20 +144,15 @@ public final class SAMLUtil {
samlSubject = authzStmt.getSubject();
}
- if (samlSubject == null) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken",
- "for Signature (no Subject)"
- );
- }
-
- Element sub = samlSubject.getSubjectConfirmation().getDOM();
- Element keyInfoElement =
- XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
- if (keyInfoElement != null) {
- return getCredentialFromKeyInfo(
- keyInfoElement, keyInfoProcessor, sigCrypto
- );
+ if (samlSubject != null) {
+ Element sub = samlSubject.getSubjectConfirmation().getDOM();
+ Element keyInfoElement =
+ XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
+ if (keyInfoElement != null) {
+ return getCredentialFromKeyInfo(
+ keyInfoElement, keyInfoProcessor, sigCrypto
+ );
+ }
}
}
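Review bot: `samlSubject.getSubjectConfirmation().getDOM()` on the new side is still dereferenced without a null check, while the SAML 2 branch of the same commit guards `getSubjectConfirmationData()`. SubjectConfirmation is optional in a SAML 1.1 Subject, and now that this code also runs for non-holder-of-key assertions, a Subject carrying only a NameIdentifier would presumably reach this line and throw a NullPointerException instead of a WSSecurityException or a null result — worth confirming against the OpenSAML accessor. Guarding the condition is enough: `if (samlSubject != null && samlSubject.getSubjectConfirmation() != null) {`. The enclosing method starts before the hunk and continues after it.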
@@ -185,24 +182,22 @@ public final class SAMLUtil {
}
org.opensaml.saml2.core.Subject samlSubject = assertion.getSubject();
- if (samlSubject == null) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken",
- "for Signature (no Subject)"
- );
- }
- List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfList =
- samlSubject.getSubjectConfirmations();
- for (org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation :
subjectConfList) {
- SubjectConfirmationData subjConfData =
- subjectConfirmation.getSubjectConfirmationData();
- Element sub = subjConfData.getDOM();
- Element keyInfoElement =
- XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
- if (keyInfoElement != null) {
- return getCredentialFromKeyInfo(
- keyInfoElement, keyInfoProcessor, sigCrypto
- );
+ if (samlSubject != null) {
+ List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfList
=
+ samlSubject.getSubjectConfirmations();
+ for (org.opensaml.saml2.core.SubjectConfirmation
subjectConfirmation : subjectConfList) {
+ SubjectConfirmationData subjConfData =
+ subjectConfirmation.getSubjectConfirmationData();
+ if (subjConfData != null) {
+ Element sub = subjConfData.getDOM();
+ Element keyInfoElement =
+ XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
+ if (keyInfoElement != null) {
+ return getCredentialFromKeyInfo(
+ keyInfoElement, keyInfoProcessor, sigCrypto
+ );
+ }
+ }
}
}
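Review bot: The loop returns the KeyInfo of the first SubjectConfirmation that carries one, without consulting `subjectConfirmation.getMethod()`, so with several confirmations the returned key is not necessarily tied to the method a consumer checks — the removed wrapper code looked only at `getConfirmationMethods().get(0)`, which can be a different confirmation from the one that supplied the key. If that is the intended contract it should be stated in the method's Javadoc (outside the hunk), e.g. `Returns the credential from the first SubjectConfirmation carrying a KeyInfo, regardless of its Method; callers must check the confirmation method before treating the key as holder-of-key proof.` Otherwise consider letting the caller pass the method it validated and skipping confirmations whose Method does not match. The enclosing method continues past the hunk.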
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Mon Jan 20 11:35:13 2014
@@ -615,33 +615,25 @@ public class SamlAssertionWrapper {
}
/**
- * This method parses the KeyInfo of the Subject for the holder-of-key
confirmation
- * method, as required by the SAML Token spec. It then stores the
SAMLKeyInfo object that
+ * This method parses the KeyInfo of the Subject. It then stores the
SAMLKeyInfo object that
* has been obtained for future processing.
* @throws WSSecurityException
*/
- public void parseHOKSubject(
+ public void parseSubject(
SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto,
CallbackHandler callbackHandler
) throws WSSecurityException {
- String confirmMethod = null;
- List<String> methods = getConfirmationMethods();
- if (methods != null && methods.size() > 0) {
- confirmMethod = methods.get(0);
- }
- if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) {
- if (saml1 != null) {
- subjectKeyInfo =
- SAMLUtil.getCredentialFromSubject(
- saml1, keyInfoProcessor, sigCrypto, callbackHandler
- );
- } else if (saml2 != null) {
- subjectKeyInfo =
- SAMLUtil.getCredentialFromSubject(
- saml2, keyInfoProcessor, sigCrypto, callbackHandler
- );
- }
+ if (saml1 != null) {
+ subjectKeyInfo =
+ SAMLUtil.getCredentialFromSubject(
+ saml1, keyInfoProcessor, sigCrypto, callbackHandler
+ );
+ } else if (saml2 != null) {
+ subjectKeyInfo =
+ SAMLUtil.getCredentialFromSubject(
+ saml2, keyInfoProcessor, sigCrypto, callbackHandler
+ );
}
}
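Review bot: Dropping the `isMethodHolderOfKey` gate means `subjectKeyInfo` is now populated for bearer and sender-vouches assertions too, and SignatureSTRParser in this same commit hands the wrapper on after calling `parseSubject`; unless that consumer (outside this hunk) still checks the confirmation method, a KeyInfo placed in a bearer assertion's SubjectConfirmationData would be accepted as the holder-of-key proof key. The method check must remain wherever the stored key is used to verify a signature. The shortened Javadoc should say so and note that `subjectKeyInfo` stays null when no KeyInfo is present: `Parses the KeyInfo of the Subject regardless of the confirmation method and stores it as subjectKeyInfo (null if absent); callers must verify the confirmation method before relying on it as holder-of-key proof.`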
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
Mon Jan 20 11:35:13 2014
@@ -185,8 +185,8 @@ public class SAMLTokenProcessor implemen
samlAssertion.verifySignature(samlKeyInfo);
}
- // Parse the HOK subject if it exists
- samlAssertion.parseHOKSubject(
+ // Parse the subject if it exists
+ samlAssertion.parseSubject(
new WSSSAMLKeyInfoProcessor(data, docInfo),
data.getSigVerCrypto(),
data.getCallbackHandler()
);
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
Mon Jan 20 11:35:13 2014
@@ -168,7 +168,7 @@ public class SignatureSTRParser implemen
);
} else {
samlAssertion = new
SamlAssertionWrapper(processedToken);
- samlAssertion.parseHOKSubject(
+ samlAssertion.parseSubject(
new WSSSAMLKeyInfoProcessor(data, wsDocInfo),
data.getSigVerCrypto(), data.getCallbackHandler()
);